NGINX SSL Reverse Proxy Verify Upstream SSL

Certificate chain
 0 s:CN = app.local.example.com
   i:C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3

Your server is not properly configured. Instead of sending leaf certificate (app.local.example.com) and intermediate certificate it only sends the leaf certificate. Because of the missing intermediate certificate no trust path can be created to the local trust anchor, which means the certificate validation fails with "unable to get local issuer certificate". Browsers often work around such problems by getting the missing intermediate certificate from somewhere else, but other TLS stacks usually don't do such workarounds.

Once you've properly configured the server you should see the following in openssl s_client. Once this is done nginx should work too.

Certificate chain
 0 s:CN = app.local.example.com
   i:C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
 1 s:C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
   i:O = Digital Signature Trust Co., CN = DST Root CA X3

Tags:

Nginx

Ubuntu

Ssl

Reverse Proxy

Lets Encrypt

Related

How to get all processes under a session of a particular process that is using a port in Windows cmd Is it reasonable to use NFS on a production web server? When does iptable's conntrack module track states of packets? wget to an IPv4 server from IPv6-only VPS Powershell - Unable to set the Company AD attribute Steps to assign static IP address in CentOS Linux via command line? Is it safe to allow inbound 0.0.0.0/0 on EC2 security group? DNS attacks from external IP with port 80, how could that happened? How can we explain CIDR notation with /24 and /32 to a manager? Microsoft Windows Server 2019 standard evaluation won't accept product code for brand new windows server 2019 essentials A network file on windows is different for different users How to send a signal to a Docker container without affecting restart policy?

Recent Posts